Apt

This hub aggregates every CVE we track for Apt, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 9 most recently published vulnerabilities affecting Apt.

• BDU:2026-06211Уязвимость функции PackageFromTask() программы для установки, обновления и удаления программных пакетов Apt, позволяющая нарушителю вызвать отказ в обслуживании5.5May 4, 2026
• CVE-2020-27350apt integer wraparound5.7Dec 10, 2020
• CVE-2020-3810Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.5.5May 15, 2020
• CVE-2011-3374It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.3.7Nov 25, 2019
• CVE-2019-3462Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execut...8.1Jan 28, 2019
• CVE-2014-7206The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.3.6Oct 15, 2014
• CVE-2013-1051apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibl...4.3Mar 21, 2013
• CVE-2012-0961Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable pe...2.1Dec 26, 2012
• CVE-2009-1358apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or ex...10.0Apr 21, 2009